scar11

  1. Hi! I feel like the Self-Defense mechanism packed in Kaspersky would protect the app from such things. Also, it appears from what I've experienced before that all the files in Kaspersky's folder, as well as registry entries, are protected through this component. As for using Microsoft EMET, I tried including KIS 2014 before in the list of apps and I had a serious issue with, in fact, the self-defense mechanism. I suspect (but don't know for sure) that EMET implements stuff or attempts to modify running processes, and as it tries to do that with the KAV process it is blocked by the self-defense mechanism. Perhaps you shouldn't worry that much about the safety of Kaspersky's own products, even with remote proofs; they're the guys that fight exploits and new threats. I think they've tested their products against many types of malicious code, some of which (the very dangerous ones) regular users may never encounter in the wild. But, yeah, as Egor Kurnev said, let's wait for Joxean Koret to demonstrate a successful attack on Kaspersky's DLL libraries, with Kaspersky's regular recommended settings (the green screen).
  2. Hi Richbuff, I followed your instructions, completely removed the app (except license information) and cleaned up the stuff from my computer (clean, defrag, memory checks...). I then reinstalled KIS 2015 and everything works fine. It's been almost two days and the issue seems to have disappeared. I suspect that, with Kaspersky's Self-Defense mechanism, defragmentation of KIS files wasn't successful due to limitations by the component. With fragmented KIS files, the UI process would need to work more in order to read its own files and find them on the disk. It got better because of the cached and recently used files. Got worse again (before reinstalling) because I stopped soliciting the interface. I suspect that was what happened because I noticed before that when I clicked the icon, my HDD LED light went crazy. Now that I uninstalled the app, defragmentation was possible (at least for what was left) and the app was clean installed. Now everything is simply fine (for now). Thanks for the tricks, keep up your good advice, you've been of great help many times!!!
  3. Hi Richbuff, Thanks for answering! I upgraded on top of the old version. I exited KIS 2014 and waited for the process to disappear. Then I launched the installer for KIS 2015. Installation went smoothly and everything worked fine, besides that particular issue, which was already present before in KIS 2014. I'll follow the steps in the 4th important topic and post the results in here! Thank you!
  4. Hello! I had this issue in Kaspersky Internet Security 2014 and it seems to be still present in 2015. I just upgraded yesterday and everything seems fine, the software is simply awesome, but I have a problem when it comes to soliciting the interface more than, say, 3 or 4 times. I open the interface to check the features and configure stuff twice or more, then I close it (you know, I'm pretty excited). After a little while, not too long, I click the tray icon to open it again. It usually appears right away when Kaspersky has just loaded; however, now it takes some 5+ seconds just to open. Navigating in the software is a nightmare after this unless I close it, reopen it, and close it again some 3 to 4 times until it seems to open up quickly; then it works fine again. Note that if I exit and then reload Kaspersky (or restart the computer, which does the same thing for the UI), it is again quick and responsive. I close it, give it some time, then I try to open it again, and it is slow as hell. Do you think there is a configuration issue here? Or do I need to do something in the system? I'm using Windows 8.1 Pro 64-bit on a Toshiba Satellite L755, Core i7, 6GB of RAM. Thank you!!
  5. I am sorry this didn't help. Did you try contacting the technical support? They are helpful!
  6. Hello, It is sometimes necessary to yield more filters so that Kaspersky allows an application to work. You can try this:
     1 - Open Kaspersky's main window by clicking on the tray icon located in the system tray icons area
     2 - Click on the green up arrow to show more menu buttons
     3 - Click on the Application Control button
     4 - Click on the Manage Applications link
     5 - Click on the Restrictions link located at the top of the window that appeared after step 4
     6 - Locate the application that malfunctions due to Kaspersky. Now right-click on the application name and select "Details and Rules"; that should be the first option in the context menu that will be displayed.
     7 - Click on the "Exclusions" tab and check the "Do not scan network traffic" checkbox. Save your changes and try again.
     Important: By carrying out the following action, you actually prevent Kaspersky from scanning the network traffic that the excluded application generates. This means that if an ongoing malware download is progressing, it will not be caught until the file is downloaded and the File Antivirus component scans it.
     Attached is a picture of the last step. Hope this helps. Note you may exclude more things from the Exclusions tab until you figure out what causes the issue.
  7. Hello, I am not sure whether this is a bug or not, but I realized that using Process Hacker, I was able to terminate the AVP.exe processes run by Kaspersky Internet Security 2014 on my computer. I made sure to have the self-defense of the application enabled, but that did not prevent Process Hacker from terminating AVP.exe. I realized that Process Hacker can be run as a command line utility to kill a process. Process Hacker can be transported as a standalone app and so can be embedded in a packed malware. I think that it could easily be invoked by malware to terminate the KAV process, which took a certain time to restart automatically on my PC. In the meantime, I was able to successfully download and start EICAR.COM, which displayed the payload, meaning that the computer was not protected during this time. I don't know to what extent this could reduce the protection level of Kaspersky, but it certainly does; at least, that AVP can be terminated is, I think, something that should be addressed seriously. Thanks
  8. Hello, I realized on the KIS selling page that some features in Kaspersky would not be available under 64-bit OS. After further investigation I realized that KPP (Kernel Patch Protection), enforced by Microsoft on 64-bit OS, prevents Kaspersky from patching the kernel, which appears to offer some high protection levels. Even if Kaspersky is a great and sometimes impressive product, I would like to know if the security of my 64-bit Windows 8.1 Pro is still preserved with Kaspersky Internet Security 2014 or not. Does KIS rely heavily on patching the kernel (such as McAfee products) or not? And what are the functions that are not working on 64-bit systems? Thanks!
  9. Also, if KIS repeatedly notifies about the malicious software, I think it has trouble completely removing it. There are many reasons, but I have faced two nasty ones in the past. Either the malware is a highly modified variant of a known, previously treated software (which seems to be the case), and this means that signature-based removal may fail in completely removing active threats. Or you may have a rootkit that is stealthy in an efficient way, making the rootkit scanner unable to detect it, in which case it re-infects your system whenever KIS cleans it from the threat you mentioned. What worked for me in both cases was:
     1- Create a Rescue Disk using Kaspersky => http://support.kaspersky.com/us/10241 (it is preferred to create the rescue disk from a clean computer)
     2- For legacy BIOS computers, modify the boot sequence and try to start from the USB disk or optical drive (or whatever support you used) that has the Kaspersky Rescue Disk
     3- Try to connect to the internet from the Kaspersky crafted OS, update the signatures, and start a full scan
     It is much easier to catch not only hard-to-remove infections, but also hidden rootkits, as this environment is far less likely to be corrupted by a rootkit (especially if you use a read-only optical drive). Note: If you think this is not a rootkit, then a full scan under safe mode may be a faster solution and may work. However, I still prefer to use the rescue disk utility. I hope this will help you. I hate recurrent and hard-to-remove infections... edit: Also, and add emphasis to the correct instruction.